1. At a requesting computing system that is communicatively connectable to a 
providing computing system, the requesting computing system including requesting 
instructions that can attempt to interact with a providing application at the providing 
computing system, a method for providing information that can used to verify measurable 
aspects of the requesting computing system, the method comprising: 

an act of performing at least one of determining that the providing computing 
system is appropriately configured to issue challenges to components included in the 
requesting computing system and determining that the providing application is 
appropriately configured to issue challenges to the requesting instructions; 

an act of subsequently accepting a challenge that was initiated by the 
providing application based at least in part on the providing computing system and 
the providing application being appropriately configured to issue challenges to the 
requesting instructions; and 

an act of submitting an assertion that that can be used to verify that the 
requesting instructions are configured in accordance with one or more measurable 
aspects that are appropriate for interacting with the providing application. 

2. The method as recited in claim 1, wherein determining that the providing 
computing system is appropriately configured to issue challenges to components included in 
the requesting computing system comprises an act of establishing an SSL connection 
between the requesting computing system and the providing computer system. 
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3. The method as recited in claim 1, wherein the act of determining that the 
providing application is appropriately configured to issue challenges to the requesting 
instructions comprises receiving proof that the providing application complies with one or 
more security and trust policies of the requesting computing system. 

4. The method as recited in claim 1, wherein the act of subsequently accepting a 
challenge that was initiated by the providing application comprises an act of subsequently 
accepting a request for proof of the values of one or more measurable aspects of the 
requesting computer system. 

5. The method as recited in claim 1, wherein the submitted assertion includes 
the values of one or more measurable aspects of the requesting computer system. 

6. The method as recited in claim 1, wherein the submitted assertion indicates 
the identity of one or more portions of the requesting instructions. 

7. The method as recited in claim 1, wherein the act of submitted assertion 
indicates an execution environment of the requesting code. 
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8. At a providing computing system that is communicatively connectable to a 
requesting computing system, the providing computing system including a providing 
application that can attempt to interact with a requesting instructions at the requesting 
computing system, a method for verifying measurable aspects of the requesting computing 
system, the method comprising: 

an act of performing at least one of proving that the providing computing 
system is appropriately configured to issue challenges to components of the 
requesting computing system and proving that the providing application is 
appropriately configured to issue challenges to the requesting instructions; 

an act of subsequently causing a configuration challenge to be issued to the 
requesting instructions; 

an act of receiving an assertion that can be used to verify that the requesting 
instructions are configured in accordance with one or more measurable aspects that 
are appropriate for interacting with the providing application; and 
an act of validating the assertion. 



gj 9. The method as recited in claim 8, wherein the act of proving that the 
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10. The method as recited in claim 8, wherein the act of proving that the 
providing application is appropriately configured to issue challenges to the requesting 
instructions comprises an act of sending proof that the providing application complies with 
one or more security and trust policies of the requesting computing system. 



11. The method as recited in claim 8, wherein the act of subsequently causing a 
challenge to be issued to the requesting computing system comprises an act of requesting 
proof of the values of one or more measurable aspects of the requesting computer system. 



12. The method as recited in claim 8, wherein the act of receiving proof that the 
requesting instructions are appropriately configured for accessing the resource comprises an 
act of receiving proof of the identity of one or more portions of the requesting instructions. 



13. The method as recited in claim 8, wherein the act of receiving proof that the 
requesting instructions are appropriately configured for accessing the resource comprises an 
act of receiving proof of the values of one or more measurable aspects of an execution 
gj environment at the requesting computer system. 
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14. At a computing system that is communicatively connectable to a network, a 
method for generating a challenge and pre-computing answers to the challenge, the method 
comprising: 

an act of accessing a first random value; 
an act of accessing a secret value; 

an act of using the first random value and the secret value as input to a first 
hash algorithm to generate a second random value; 

an act of using the first random value and the second random value as input 
to a second hash algorithm to identify one or more regions within a portion 
instructions; 

an act of retrieving values from the identified regions; and 

an act of pre-computing an answer to the challenge based on the retrieved 

values. 



15. The method as recited in claim 14, wherein the act of accessing a first 
random value comprises an act of accessing a seed nonce. 
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17. The method as recited in claim 14, wherein the act of using the first random 
value and the second random value as input to a second hash algorithm to identify one or 
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more regions within a portion instructions comprises an act of using a seed nonce and a 
challenge nonce as input to the second hash algorithm to generate a random bit stream. 



18. The method as recited in claim 14, wherein the portion of instructions 
comprises a plurality of identified regions. 

19. The method as recited in claim 14, wherein the computing system includes a 
challenge service, further comprising: 

an act of receiving a request for a challenge that a provider can subsequently 
issue to a requester; and 

an act of returning the identified one or more regions within a portion 
instructions and the values retrieved from the identified regions to the provider. 

20. The method as recited in claim 14, wherein the computing system includes a 
challenge service, further comprising: 



an act of receiving a response that was submitted to a provider as a response 




to a challenge generated by the challenge service, reception of the response 



indicating that the response was not a pre-computed answer to the challenge; 



an act of verifying the response; and 



an act of indicating to the provider that the response is valid. 
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21. At a requester that is communicatively connectable to a provider, a method 
for authorizing the requester to interact with the provider, the method comprising: 
an act of sending a request to the provider; 

an act of receiving a configuration challenge from the provider, the 
configuration challenge indicating how the requester is to prove that the requester is 
appropriately configured to interact with the provider; 

an act of sending proof of the values of one or more measurable aspects of 
the requester to the provider; and 

an act of receiving a token that can be used to prove that the requester is 
appropriately configured. 



22. The method as recited in claim 21, wherein the act sending a request to the 
provider comprises an act of sending a challenge along with the request, the challenge 
indicating how the provider is to prove that the provider is appropriately configured to issue 
configuration challenges to the requester. 
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24. The method as recited in claim 21, wherein the act of sending proof of the 
values of one or more measurable aspects of the requester to the provider comprises an act 
of sending a challenge along with the proof of the values of one or more measurable aspects, 
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the challenge indicating how the provider is to prove that the provider is appropriately 
configured to issue configuration challenges to the requester. 

25. The method as recited in claim 21, wherein an act of receiving a token 
comprises an act of receiving a token along with proof that the provider is appropriately 
configured to issue configuration challenges to the requester. 
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26. At a provider that is communicatively connectable to a requester, a method 
for authorizing the requester and the provider to interact with the provider, the method 
comprising: 

an act of receiving a request from the requester; 

an act of causing a configuration challenge to be issued to the requester, the 
configuration challenge requesting proof that the requester is appropriately 
configured to interact with the provider; 

an act of receiving proof of the values of one or more measurable aspects of 
the requester's configuration; and 

an act of sending a token that can subsequently be used to prove that the 
requester is appropriately configured. 



27. The method as recited in claim 26, wherein the an act of receiving a request 
comprises an act of receiving a challenge along with the request, the challenge requesting 
proof that the provider is appropriately configured to issue configuration challenges to the 
requester. 
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challenges to the requester. 



29. The method as recited in claim 26, wherein the act of receiving proof of the 
values of one or more measurable aspects of the requester's configuration comprises an act 
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of receiving a challenge along with the proof of the values of the one or more measurable 
aspects, the challenge requesting proof that the provider is appropriately configured to issue 
configuration challenges to the requester. 

30. The method as recited in claim 26, wherein that act of sending a token 
comprises sending a token along with proof that the provider is appropriately configured to 
issue configuration challenges to the requester. 
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31. A computer program product for use in a computing system that is 
communicatively connectable to a network, the computer program product for implementing 
a method for generating a challenge and pre-computing answers to the challenge, the 
computer program product comprising one or more computer-readable media having stored 
thereon computer-executable instructions that, when executed by a processed, cause the 
computing system to perform the following: 

access a first random value; 

access a secret value; 

use the first random value and the secret value as input to a first hash 
algorithm to generate a second random value; 

use the first random value and the second random value as input to a second 
hash algorithm to identify one or more regions within a portion instructions; 

retrieve values from the identified regions; and 

pre-compute an answer to the challenge based on the retrieved values. 
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32. A computer program product for use in a computing system having a 
requester that is communicatively connectable to a provider, the computer program product 
for implementing a method for authorizing the requester to interact with the provider, the 
computer program product comprising one or more computer-readable media having stored 
thereon computer-executable instructions that, when executed by a processed, cause the 
computing system to perform the following: 
send a request to the provider; 

receive a configuration challenge from the provider, the configuration 
challenge indicating how the requester is to prove that the requester is appropriately 
configured to interact with the provider; 

send proof of the values of one or more measurable aspects of the requester 
to the provider; and 

receive a token that can be used to prove that the requester is appropriately 
configured. 
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33. A computer program product for use in a computing system having a 
provider that is communicatively connectable to a requester, the computer program product 
for implementing a method for authorizing the requester and the provider to interact with the 
provider, the computer program product comprising one or more computer-readable media 
having stored thereon computer-executable instructions that, when executed by a processed, 
cause the computing system to perform the following: 
receive a request from the requester; 

cause a configuration challenge to be issued to the requester, the 
configuration challenge requesting proof that the requester is appropriately 
configured to interact with the provider; 

receive proof of the values of one or more measurable aspects of the 
requester's configuration; and 

send a token that can subsequently be used to prove that the requester is 
appropriately configured. 



ill 

in 



H W < 

w o n 

< 9 2 
O W 3 

C/5 



- Page 44 - 



Docket No. 13768.506 



